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(57) Abstract: A method (Fig. 2) of enabling anonymous 
shipment of a package containing goods purchased by a 
customer from a vendor (S21) for delivery to an address 
unknown to the vendor includes steps of receiving a request 
for a package code for the package from the vendor, sending 
the package code to the vendor (S24), the package code being 
devoid of delivery address information and sending a shipping 
identifier and an associated address to the shipper (S25). The 
shipper, after picking up the package for shipment from the 
vendor, matches the package code sent to the vendor with the 
shipping identifier and identifies the associated address as the 
delivery address of the package. A shipping label may then 
be printed out and affixed to the package (S26). 
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eDROPSHIP: 
METHODS AND SYSTEMS FOR 
ANONYMOUS eCOMMERCE SHIPMENT 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention relates to the safeguarding of personal information in electronic 
commerce transactions. More particularly, the present invention addresses the privacy concerns 
of consumers in the electronic marketplace by limiting access to package delivery information. 

2. Description of the Related Art 

The advent of electronic commerce over the Internet has spurred economic development 
by fostering new products and industries and revitalizing old ones. Electronic commerce has 
also brought an unprecedented array of choices to consumers, who now can make purchases 
without regard to geographical or political boundaries. However, the increasingly global 
interconnectivity making such electronic commerce possible is fraught with potential dangers to 
the consumer. One such danger is the misuse of personal and financial information. Indeed, 
each time that a consumer makes an online purchase from a vendor over the World Wide Web 
(hereafter "Web"), he or she typically must supply the vendor with personal information, such 
as his or her name, address, telephone numbers, email address and financial information such as 
a credit card number, for example. Often the consumer is also invited to supply other 
information, such as annual income, number of dependents, etc. Such information tends to be 
persistent, and is usually stored in databases (whether such database belong to the vendor, credit 
agencies or other vendors) and may be used for purposes wholly unforeseen by the customer at 
the time of the original transaction. Individual consumers are not the only ones that may be 
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harmed by such practices; businesses also have an interest in protecting their business 
information, be it customer lists, key suppliers and the like. 

Even if the online purchase, however, is somehow made in an anonymous or quasi- 
anonymous fashion (that is, without divulging personal or financial information to the vendor), 
5 the vendor typically must still ship the package to a delivery address, which may be the 
purchaser's home or business address or the address of a customer, friend or relative. This 
information, then, must be given to the vendor who then may store the supplied information for 
later use or misuse. 

Some of the potential consequences of providing such addressee information to the 
10 vendor are discussed with reference to Fig. 1, which shows a conventional method of shipping 
goods from a vendor to a customer. As shown therein, the customer makes an electronic 
purchase at S 1 1 , and is invited to provide the vendor with his or her personal and financial 
information, such as payment information (credit card numbers, for example) and personal 
information such as telephone numbers, physical and/or electronic addresses (email address, for 
15 example) and shipping information, as shown at SI 3. At step SI 4, the vendor processes and 
stores the supplied information (typically in a database, as shown at reference numeral 10 in 
Fig. 1). The vendor then packages the goods purchased by the customer, applies a shipping 
label to the package and surrenders the package to a shipper or freight forwarder (such as the 
US post office, UPS® or FedEx®, for example) for delivery to the customer 12. 
20 However, the effects of supplying the vendor with the above-listed personal and 

financial information are not confined to the underlying purchase. Indeed, as shown in Fig. 1 , 
the vendor may itself send the customer 12 unwanted email, subject the customer 12 to 
unwanted telephone solicitations, or send the customer unsolicited commercial mailings 
(commonly referred to as "junk mail"). More egregious still, the vendor may sell the customer- 
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provided information to third parties, collectively referenced in Fig. 1 at 14. The vendor may 
also sell aggregate customer information - that is, information that does not identify any 
particular one customer, a relatively benign act However, the vendor may also sell his or her 
customers' individual personal and financial information to third parties 14, without the consent 
5 or knowledge of the affected customers. In turn, such third parties 14 may also subject the 
customer 12 to a barrage of unwanted emails, solicitations and/or junk mail. The customer, if a 
business, may have business reasons such as the preservation of trade secrets, for wanting 
anonymous shipping. Such unwelcome intrusions are, however, but a few manifestations of the 
universe of all possible deliberate uses and misuses of personal and financial information. 
10 Indeed, the customer's personal and financial information may be purchased or intercepted by 
parties wholly unforeseen by the customer and used for illegal purposes, such as to facilitate 
identity theft, for example. This problem is exacerbated by the increasing proliferation of e- 
commerce vendors and Web sites, each of which collects and uses the customers' personal and 
financial information. 

15 However, even if the actual purchase is somehow made in an anonymous or quasi- 

anonymous fashion (akin to a face-to-face cash transaction, for example), the package 
containing the purchased goods still must be delivered to the customer or other addressee. In 
turn, this entails that the name and address of the recipient of the package be provided to the 
vendor, with all of the above -detailed potential consequences of providing such information. 

20 SUMMARY OF THE INVENTION 

An object of the present invention, therefore, is to provide methods and systems for 
anonymous shipment of goods. Another object of the present invention is to provide methods 
and systems for vendors, shippers and trusted parties such as banks to handle anonymous 
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shipments of goods. It is a still further object of the present invention to provide methods and 
systems for the anonymous forwarding of goods in digital form, such as software and music. 

In accordance with the above-described objects and those that will be mentioned and 
will become apparent below, a method of enabling anonymous shipment of a package 
5 containing goods purchased by a customer from a vendor for delivery to an address unknown to 
the vendor, comprises steps of receiving a request for a package code for the package from the 
vendor; sending the package code to the vendor, the package code being devoid of delivery 
address information and sending a shipping identifier and an associated address to the shipper. 
The shipper, after picking up the package for shipment from the vendor, matches the package 

10 code sent to the vendor with the shipping identifier and identifies the associated address as the 
delivery address of the package. The package code may include a code number and machine- 
readable indicia expressing the code number. The received request may include a request for 
authentication and/or an electronic draft for payment of the purchased goods and/or a shipping 
charge. The receiving and sending steps may be performed over a computer network, including 

15 leased lines, a private network, a virtual private network and/or the Internet. The receiving and 
sending steps may be carried out by a bank or other trusted party. 

According to another embodiment thereof, the present invention is a method of 
processing a package identified by a package code devoid of delivery address information, the 
package containing goods purchased by a customer from a vendor for shipment to an address 
20 unknown to the vendor, comprising steps of receiving a request to pick up a package from the 
vendor, the package having a machine-readable package code affixed thereto, the request 
including a shipping identifier and a delivery address associated with the shipping identifier; 
picking up the package from the vendor; reading the package code affixed to the package; 
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matching the package code with the received shipping identifier, and delivering the package to 
the delivery address associated with the shipping identifier. 

Steps of printing a shipping label on which the delivery address is visible and affixing 
the shipping label on the package may also be carried out. The package code may include a 
5 code number and/or machine-readable indicia expressing the code number. The receiving step 
may be performed over a computer network that includes, for example, leased lines, a private 
network, a virtual private network and/or the Internet. The request may be sent to the shipper 
by a bank or by some other trusted party. 

According to still another embodiment, the present invention is a method of causing a 
10 package of goods purchased from a vendor to be delivered to an address unknown to the 
vendor, comprising steps of sending a request for a package code to a trusted entity; receiving 
the package code, the package code being devoid of delivery address information; affixing the 
package code to the package, and surrendering the package to a shipper. The shipper then 
matches the package code with a shipping identifier and associated delivery address previously 
15 received from the trusted entity, generates a shipping label specifying the associated delivery 
address and affixes the label to the package. The package code may include a code number 
and/or machine-readable indicia expressing the code number. The request may include a 
request for authentication and/or an electronic draft for payment of the purchased goods and/or 
a shipping charge. The receiving and sending steps may be performed over a computer 
20 network. The trusted entity may be a bank, for example. 

The present invention may also be viewed as a method of enabling a customer to 
anonymously purchase an item from a vendor via an electronic draft for delivery to an address 
without divulging the delivery address to the vendor, comprising the steps of storing, in a bank, 
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an encrypted unique identifier lor the customer, the encrypted unique identifier being linked to 
the customer's personal and financial information stored in the bank, including the delivery 
address; authenticating the customer having caused a draft to be executed for payment of at least 
one of a purchase price of the item and a shipping cost by encrypting at least a portion of an 
5 identification data provided by the customer and successfully matching the encrypted 
identification data with the stored encrypted unique identifier; retrieving at least the 
authenticated customer's financial information and delivery address; honoring a draft presented 
by the vendor for payment of the item only when the customer is successfully authenticated by 
the bank; assigning a package code to the item, the assigned package code being associated with 

10 the retrieved delivery address; sending only the package code to the vendor, the vendor affixing 
the package code to the package, and sending the package code and the associated delivery 
address to a shipper for storage in a shipper database. The shipper then picks up the item from 
the vendor, and prints out a shipping label for the package, a delivery address on the label being 
that customer address linked to a package code stored in the shipper database that matches the 

1 5 package code affixed to the package. 

The identification data may include an ID and a password, biometric data and/or a 
digital certificate at the bank's discretion, as required for appropriate security, given the value of 
the transaction. The password is preferably known to the bank only in encrypted form, the 
customer's encrypted unique identifier, personal and financial information may be stored in a 
20 data structure managed by a Directory software controlled by the bank. The package code and 
the linked customer address may be replicated in the shipper database via Light Weight 
Directory Access Protocol (LDAP) or similar standard format. At least a portion of the shipper 
database may be replicated in a portable electronic device equipped with a package code 
scanner and a shipping label printer. The package code may include a code number and/or a 
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machine-readable indicia expressing the code number. The authenticating and sending steps 
may be performed over a computer network including, for example, the Internet, 

According to still another embodiment, the present invention is a method of enabling a 
customer having purchased goods in digital form from a vendor to have the goods delivered to a 
5 specified electronic delivery address without divulging the electronic delivery address to the 
vendor, comprising the steps of associating a package code with the specified electronic 
delivery address and storing the package code and the electronic delivery address; sending the 
vendor a package code and an associated forwarding electronic address, the forwarding 
electronic address being different from the electronic delivery address, the vendor forwarding 
10 the goods and the package code to the forwarding electronic address associated with the 
received package code; reading the forwarded package code and retrieving the stored electronic 
delivery address associated therewith, and delivering the goods to the retrieved electronic 
delivery address. The associating and storing steps may be carried out by a bank or other 
trusted entity. 

15 BRIEF DESCRIPTION OF THE DRAWINGS 

For a further understanding of the objects and advantages of the present invention, 
reference should be made to the following detailed description, taken in conjunction with the 
accompanying figures, in which: 

Fig. 1 is a flowchart of a conventional method of shipping goods from a vendor to a 
20 customer. 

Fig. 2 is a flowchart of eDROPSHIP™, a method for anonymous shipping according to 
an embodiment of the present invention. 



WO 01/53971 



PCT/US00/33143 



-8- 

Fig. 3 shows another aspect of the present invention, in which the transaction between 
the vendor and the customer includes both anonymous payment and shipment. 

DESCRIPTION OF THE INVENTION 



for 



10 



15 



20 



25 



VENDOR: 



CUSTOMER: 



goods 



DELIVERY 
ADDRESS: 



SHIPPER: 



PACKAGE: 



BANK: 



30 



Any person or entity that sells and/or offers goods and/or services 
Sale (the seller). 

Any person or entity that purchases goods and/or services from a 
Vendor (the buyer). The customer may be a business who, for 
business, privacy, or business reasons (such as the preservation of 
trade secrets, for example) may want to purchase and receive 

anonymously. 

A location to which the package is to be delivered. The delivery 
address may be a physical location to which a physical package 
may be delivered or may be an electronic address over a computer 
network such as the Internet. 

Any person or entity that ships or forwards the purchased goods 
and/or services to the delivery address. 

Any package that contains the goods or item(s) purchased by 
purchaser that is to be delivered by the shipper to the delivery 
address. The package may be in any form, such as a letter or 
package. The package may also be large, such as a Sea-Land® 
container or a railroad boxcar, for example. Alternatively, the 
package may be in electronic form and may include one or more 
electronic files to be delivered to an electronic address. 
As used herein, the term "bank" includes all financial services 
institutions accepting deposits of cash, negotiable securities, 
marketable shares/stock into numbered (or otherwise uniquely- 
identified) accounts and honoring checks, drafts and/or other 
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customer instructions. Such a definition includes (but is not 

limited 

to) traditional banks and savings institutions, stockbrokers, online 
trading concerns, credit unions and any institution that legally 
identifies with and has some financial and fiduciary relationship 

with 

an account holder and that has the ability to honor customer or 
account holder instructions referring to specific accounts. Within 

the 

context of the present invention, the term "bank" also includes 

such 

institutions as post offices or other governmental agencies that 

carry 

out banking or quasi-banking functions. 
FUNCTIONAL OVERVIEW 

Fig. 2 is a flowchart of the eDROPSHIP™ method for anonymous shipping, according 

to an embodiment of the present invention. The method begins at step S20. At S21, the 

customer makes a purchase from, for example, the vendor's Web site. At step S22, the 

customer requests anonymous payment (anonymous with respect at least to the vendor) for his 

or her purchase through his or her bank 20. Although any means and/or methods for 

anonymous payment may be implemented within the context of the present invention, 

particularly well-suited methods and means for doing so are disclosed in commonly assigned 

US patent applications serial numbers 09/272,056 filed March 18, 1999 and 09/405,741 filed 

September 24, 1999, the disclosures of which are hereby incorporated herein in their entirety. It 

is to be noted that the present invention also finds applicability in situations wherein the 

payment is not anonymous, but the customer does not wish to disclose the identity or address of 

the recipient of the package to the vendor and to any situation in which the customer wishes to 
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keep the address of the package recipient from the vendor. The present invention is also 
applicable to in-person cash transactions. 

According to the present invention, the only entity that should hold the customer's 
personal and confidential information is that entity that already enjoys a fiduciary relationship 
5 and a trusted relationship with the customer. According to an embodiment of the present 
invention, that entity is the customer's bank 20. The bank 20 is well suited to intermediate in 
electronic transactions, as it already stores the customer's financial and personal information in 
its secure database(s). According to the present invention, the bank 20 restricts access to the 
customers' personal and financial information, such as account numbers, credit card numbers, 

10 passwords, address, phone numbers and the like. As shown at S23, the bank 20 processes the 
request for anonymous payment for the goods purchased by the customer. For example, the 
request for anonymous payment may be in the form of an electronic draft. Using generally 
accepted legal terms, a draft is a written order by a first party, called the drawer, instructing a 
second party, called the drawee, to pay money to a third party, called the payee. In terms of the 

1 5 present invention, the vendor may be thought of as the payee, the customer as the drawer and 
the bank may be thought of as the drawee. In step S24, the bank 20 authorizes, guarantees 
and/or releases payment (on the electronic draft, for example) to the vendor for the goods 
(and/or the shipping charges) purchased by the customer. Along with or separately from the 
authorization, guarantee and/or electronic payment, the bank 20 sends a package code through 

20 the network 22 to the vendor, as shown in step S24. Preferably, the package code sent to the 
vendor includes a code number and machine-readable indicia expressing the code number. The 
code number may be an entirely numerical code number or may include other symbols and/or 
letters. According to an embodiment of the present invention, the machine-readable indicia 
includes a barcode. Other machine-readable indicia may be used within the context of the 
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present invention. Examples of suitable machine-readable codes include the PDF code 
developed by Symbol Technologies, Inc. and the DataGlyph code developed by Xerox, Inc. 
The PDF code is a two-dimensional code that is used for the identification of fungible items, 
and is read using a handheld laser beam scanning technique. The DataGlyph code is a two- 
5 dimensional code disclosed in US patent no. 5,245,165 and is used to provide information on 
office forms that are scanned using a conventional general-purpose document reader. 

According to an embodiment of the present invention, the package code is entirely 
devoid of any package delivery information. Alternatively, the package code includes the 
delivery address, but in a form that is unreadable by the vendor. In any event, the vendor is not 

10 given access to the package delivery address, and thus cannot misuse the information or include 
such information in any later (even legitimate) marketing or sales efforts. Having received the 
package code from the bank 20, the vendor affixes or somehow otherwise imprints the package 
code on the package to be shipped. According to one embodiment of the present invention, the 
vendor affixes an adhesive label onto the package, the adhesive label bearing the package code 

15 thereon. For example, the vendor may affix a label onto the package to be shipped, the label 
having the machine-readable indicia such as a barcode, PDF, DataGlyph or other code printed 
thereon. The bank 20, as shown at S25, also sends a shipping identifier and an associated 
delivery address through the network 22 to a shipper such as, for example, the Untied States 
Postal Service or any private shipping or freight company, such as FedEx®, UPS® or DHL® 

20 for example. The bank 20 retrieves this information from its secure database and sends the 
shipping identifier and associated delivery address through a secure communication channel 
using a standardized protocol, such as the Secure Socket Layer (hereafter "SSL"), for example. 
SSL utilizes an encryption scheme (such as a public key encryption scheme, for example) 
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negotiated at the time of the communication and helps to ensure that electronic eavesdroppers 
between the shipper and the bank 20 cannot intercept any clear, unencrypted communication. 

The shipper to which the shipping identifier and the associated package delivery address 
are sent may be selected by the customer or by the bank 20. The shipping identifier sent to the 
5 selected shipper matches the package code sent to the vendor. The shipper stores the shipping 
identifier and the associated delivery address. As shown at S26, the shipper then picks up the 
package at the vendor's location, reads the package code, matches the read package code with 
the received shipping identifier and prints out a shipping label bearing the associated package 
delivery address thereon and affixes same to the package. In this manner, only the shipper and 

10 the bank know and/or have access to the delivery address. As shown in step S27, the shipper 
may now ship the package to the address on the shipping label in the usual manner. The 
shipped package may then be received at the intended delivery address, as shown at step S28, 
whereupon the method according to the present invention ends at S29. 

In practice, the bank 20 may send the vendor an estimate of when the shipper will pick 

1 5 up the package, along with the package code. When the bank 20 sends the shipper the shipping 
identifier and associated delivery address, as shown in step S25, the bank 20 preferably also 
sends the shipper the vendor's name, address and contact information, such as telephone 
number(s), facsimile number(s) and email address, for example. The bank 20 may also send the 
shipper the customer's telephone number or other contact information. This information may 

20 be sent to the shipper's database and thereafter replicated or otherwise downloaded into a 
portable digital device, such as a Palm Computing device, as manufactured/modified by Symbol 
Technologies, Inc., for example. Such a device may store a subset of the shipper's main 
database. For example, an Oracle 8i Lite database may reside on the portable digital device and 
the subset of the shipper's main database may be replicated wirelessly into the portable digital 
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device. In such a case, the above-listed information may be replicated therein, to allow the 
shipper to make the pick up and match the package code on the package with the shipping 
identifier and associated delivery address stored in the database (Oracle 8i Lite, for example, or 
a later version or incarnation thereof). Preferably, the portable digital device includes an 
5 integrated code reader device for reading the machine-readable indicia affixed to the package 
and a printer for printing out a shipping label, or the relevant portion thereof containing the 
package delivery address. Upon reading the machine-readable indicia affixed by the vendor on 
the package to be delivered, the database residing on the portable digital device then matches 
the package code embodied in the machine-readable indicia with the shipping identifier and 

10 associated delivery address (including the name of the recipient of the package, if appropriate) 
stored therein. The retrieved delivery address is then passed to the printer of or coupled to the 
portable digital device, which then prints the shipping label. The shipper may then affix the 
shipping label to the package and the shipping and actual delivery of the package may then 
proceed in the usual manner. 

15 The methods and systems for anonymous shipment according to the present invention 

may also be utilized for shipping packages to addresses other than the address of the bank 
account holder. For example, the package may be "in care of the bank account holder, but 
addressed to another person at another address. In that case, the bank account holder may store 
the "Care of address within the bank database and specify that the "Care of* address is to be 

20 substituted for the delivery address in step S25. This may be done when the electronic draft is 
created and forwarded to the bank 20 for payment or upon otherwise arranging for a bank- 
intermediated payment or financing. Alternatively, the package may be a gift, or may have been 
bought on behalf of a person other than the bank account holder. In this case, the bank account 
holder may have caused a "Send to" address to be stored within the bank database, and the 
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"Send to" address may be selected by the customer upon causing the electronic draft to be 
created and forwarded to the bank 20, or upon otherwise arranging for a bank-intermediated 
payment or financing. In the case wherein a package is undeliverable for any reason, the 
shipper may return the package to the bank 20 or to some location specified by the bank 20. 
5 Thereafter, the bank 20 may generate a message (such as an email, for example) informing the 
customer that his or her package is undeliverable. A charge may be levied against the 
customer's account to cover the costs associated with shipping and storing an undeliverable 
package. 

The present invention, therefore, provides for an anonymous shipment system and 
10 method by which the customer's personal and financial information is safeguarded by entities 
having a fiduciary and/or contractual agreement to limit the dissemination of such information. 
For example, the shipper may be under a contractual obligation with the bank 20 not to make 
any disclosure of the personal and/or financial information gained through participation in the 
method or use of the system disclosed herein. Preferably, the bank 20 may only sell aggregate 
15 customer information to third parties, unless the customer has previously given the bank 20 his 
or her (full or limited) consent to the dissemination of his or her confidential information. The 
vendor, therefore, may purchase aggregate information (i.e., information that does not identify 
any one customer) for use in sales and/or marketing efforts, for example. The aggregate 
customer information may be filtered and sorted by the bank 20 to provide the vendors only 
20 with that information that they have requested, and only in the form in which they have 
requested the information. The vendor's sales and marketing informational needs are satisfied, 
therefore, without subjecting the customer to unwanted solicitations and intrusions into their 
privacy. 
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Should, however, the vendor wish to contact the customer to notify the customer of a 
product recall or to send the customer advertisement and special promotions, the vendor may 
send same electronically to the bank 20, including therein the package code sent to in step S24. 
The bank 20 may then forward the electronic recall, advertisement or promotion to the 
5 customer's physical or electronic address (e.g., email address), unless the customer bank 
account holder has previously indicated his or her preference not to receive any such messages 
or messages from this vendor, excepting, for example, product safety and recall information. 
Therefore, the vendor's link to the customer is not necessarily severed, but is managed and 
under the control of the customer, which is the party bearing the risk of loss in the case of 

10 uncontrolled dissemination of personal information. Implementation of the present method and 
system eventually recaptures the customers' confidentiality, as the vendors' databases will no 
longer be updated as the customers' personal and financial information changes. Instead, only 
the bank 20 and the shipper, both under a duty to preserve the confidentiality of the customers' 
information, will have access thereto. 

15 The bank 20, according to the present invention, may guarantee that the shipper's 

charges will be paid. Indeed, the shipper may be paid directly from the account holder's 
account. In this manner, the vendor preferably only charges for the cost of the item and not for 
any related (and oft inflated) "shipping and handling" charges. 

In the case wherein the goods purchased by the customer form the vendor are in 

20 electronic form, such as software, music or data, the bank 20 may send the vendor a package 
code and an electronic forwarding address to which to forward the customer's purchase. The 
vendor may then transmit the software, music or data to the specified electronic forwarding 
address, together with the supplied package code. The bank 20 may then match the package 
code with the customer's account(s) and cause the software, music, or other digital data 
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purchased by the customer to the customer's own electronic address, to the customer's "Care 
of electronic address or to the customer's "Send to" electronic address, as specified by the 
customer upon purchasing the item and arranging for its payment, whether anonymous or 
otherwise. The customer may modify his or her payment information, physical address(es), 
5 electronic address(es), "Care of address(es), "Send to" address(es) or any other delivery 
address(es) at any time by logging onto a secure Web site maintained and controlled by the bank 
20, becoming authenticated by the bank 20 by means of an ID/Password pair (for example), and 
entering/modifying the desired information by clicking a "Shipping Options" selection, for 
example. 

10 Fig. 3 shows another aspect of the present invention, in which the transaction between 

the vendor and the customer includes both anonymous payment and shipment. As shown 
therein, a method of enabling a customer to anonymously purchase an item from a vendor via an 
electronic draft for delivery to an address without divulging the delivery address to the vendor 
may include the following steps. At step S31, an encrypted identifier unique to the customer is 

15 stored in a bank, or other trusted entity. The encrypted unique identifier is linked to the 
customer's personal and financial information stored in the bank, including the delivery address 
(or one or more "Send to" addresses and/or one or more "Care of 1 addresses). The delivery 
address may be the customer's own home or business address, or someone else home or 
business address. In step S32 3 it is determined whether the customer has been authenticated by 

20 the bank. To do so, the customer may log onto the bank's Web site set up for that purpose, as 
disclosed in above-cited US patent applications 09/272,056 and/or 09/405,741. The bank- 
buyer agreement will define the appropriate authentication measures. Once logged on over the 
network 22 (which may, for example, include the Internet), the customer provides the bank 20 
with identification data, at least a portion of which may be immediately encrypted and 
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compared with the previously stored encrypted unique identifier for that customer. Upon a 
successful match, the customer is authenticated. If the identification data provided does not 
match the stored encrypted unique identifier, the customer is not authenticated and no electronic 
draft will be honored on the customer's account (until such authentication is successful), as 
5 shown at S3 3. At S34, the bank 20 or other trusted party retrieves the stored customer's 
personal and/or financial information linked to the encrypted unique identifier. At step S35, the 
electronic draft presented to the bank 20 for payment of the customer's purchases is honored, 
subject to any bank-imposed restrictions, such as sufficient account balances or credit, for 
example. The bank 20 may then assign a package code to the item(s) purchased by the 

10 customer and send the package code (preferably electronically) to the vendor. The vendor may 
then affix a machine-readable indicia expressing the package code to the package. As shown at 
S38, the package code and the package delivery address may be sent to the shipper, along with 
an identification of the vendor and other relevant information. In a prefenred embodiment, the 
shipper maintains an iDRAFT™ account at a participating iDRAFT™ bank, in the manner 

15 disclosed in the above cited US patent applications serial numbers 09/272.056 and/or 
09/405,741. The shipper may then pick up the package identified by the package code, read the 
machine-readable indicia affixed thereto, retrieve the delivery address associated therewith, 
print out a shipping label and affix same to the package. 

The customer's identification data may include an ID and a password and/or other 

20 identifying data, such as biometric data, for example. As the customer's password is known to 
the bank 20 only in encrypted form, the bank 20 preferably encrypts the customer-provided 
password immediately upon receipt. Preferably, the customer's encrypted unique identifier, 
personal and financial information are stored by the bank 20 or other trusted entity in a data 
structure managed by a Directory software controlled by the bank. Directory software typically 



WO 01/53971 



PCT/US00/33143 



-18- 

includes a repository (e.g., a lisi or database, for example) of names, permissions, resources, 
hardware, software and hierarchical information and/or rules within a network. The phrase 
"Directory software", according to the present invention, encompasses any software including 
or managing such a repository that is designed to operate on computers coupled to a network. 
5 For example, the bank 20 may store the above-listed information in a Directory software 
compatible with and accessible through Directory access software, such as Directory access 
software compatible with the X.500 Directory Access Protocol (DAP), which protocol is 
incorporated herein by reference, or a subset, extension or variant thereof. One such subset of 
DAP is the Lightweight Directory Access Protocol or LDAP. For example, the customer's bank 

10 20 may implement Oracle Internet Directory™ (OiD™) software (or upgrades/variants thereof), 
a software product developed by the assignee of the present invention. OiD™ combines a 
native implementation of the Internet Engineering Task Force's (IETF) LDAP v3 standard (also 
incorporated herewith in its entirety by reference) with, for example, an Oracle8 (or later 
implementation) back-end data store. In like manner, the shipper may store the package code 

1 5 and the delivery address provided to it by the bank 20 within a database managed by a Directory 
software compatible with the LDAP v3 (or later versions) protocol, such as the above-identified 
OiD™ software from Oracle Corporation. A portion of this database may be replicated (via the 
LDAP protocol, for example) in a portable digital device (such as the SPT1700 series of "Palm" 
computing devices manufactured/modified by Symbol Technologies, Inc., for example) in 

20 which an Oracle 8i Lite (or later versions thereof) database resides. This allows the shipper 
actually making the pick up of the package to have all relevant information available at the 
vendor's location when he or she picks up the package identified by the package code. Other 
Directory software may be used for this purpose, such as Novell Directory Services™ (NDS™) 
of Novell, Inc. 
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While the foregoing detailed description has described preferred embodiments of the 
present invention, it is to be understood that the above description is illustrative only and not 
limiting of the disclosed invention. Those of skill in this art will recognize other alternative 
embodiments and all such embodiments are deemed to fall within the scope of the present 
5 invention. Thus, the present invention should be limited only by the claims as set forth below. 
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WHAT IS CLAIMED IS: 

1. A method of enabling anonymous shipment of a package containing goods 
purchased by a customer from a vendor for delivery to an address unknown to the vendor, 
comprising the steps of: 

5 receiving a request for a package code for the package from the vendor; 

sending the package code to the vendor, the package code being devoid of delivery 
address information and 

sending a shipping identifier and an associated address to the shipper, whereby the 
shipper, after picking up the package for shipment from the vendor, matches the package code 
10 sent to the vendor with the shipping identifier and identifies the associated address as the 
delivery address of the package. 

2. The method of Claim 1 , wherein the package code includes at least one of a code 
number and machine-readable indicia expressing the code number. 

3. The method of Claim 1, wherein the received request includes at least one of a 
1 5 request for authentication and an electronic draft for payment of at least one of the purchased 

goods and a shipping charge. 

4. The method of Claim 1, wherein the receiving and sending steps are performed 
over a computer network. 

5. The method of Claim 1, wherein the computer network includes at least one of 
20 leased lines, a private network, a virtual private network and the Internet. 

6. The method of Claim 1, wherein the receiving and sending steps are carried out 
by a bank. 
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7. A method of processing a package identified by a package code devoid of 
delivery address information, the package containing goods purchased by a customer from a 
vendor for shipment to an address unknown to the vendor, comprising the steps of: 

receiving a request to pick up a package from the vendor, the package having a machine- 
readable package code affixed thereto, the request including a shipping identifier and a delivery 
address associated with the shipping identifier; 

picking up the package from the vendor; 

reading the package code affixed to the package; 

matching the package code with the received shipping identifier, and 

delivering the package to the delivery address associated with the shipping identifier. 

8. The method of Claim 7, further comprising the steps of printing a shipping label 
on which the delivery address is visible and affixing the shipping label on the package. 

9. The method of Claim 7, wherein the package code includes at least one of a code 
number and machine-readable indicia expressing the code number. 

10. The method of Claim 7, wherein the receiving step is performed over a computer 
network. 

1 1. The method of Claim 7, wherein the computer network includes at least one of 
leased lines, a private network, a virtual private network and the Internet. 

12. The method of Claim 7, wherein the request is sent to the shipper by a bank. 

13. A method of causing a package of goods purchased from a vendor to be 
delivered to an address unknown to the vendor, comprising the steps of: 
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sending a request for a package code to a trusted entity; 

receiving the package code, the package code being devoid of delivery address 
information; 

affixing the package code to the package, and 

5 surrendering the package to a shipper, whereby the shipper matches the package code 

with a shipping identifier and associated delivery address previously received from the trusted 
entity, generates a shipping label specifying the associated delivery address and affixes the label 
to the package. 

14. The method of Claim 13, wherein the package code includes at least one of a 
10 code number and machine-readable indicia expressing the code number. 

15. The method of Claim 13, wherein the request includes at least one of a request 
for authentication and an electronic draft for payment of at least one of the purchased goods and 
a shipping charge. 

16. The method of Claim 13, wherein the receiving and sending steps are performed 
1 5 over a computer network. 

17. The method of Claim 13, wherein the trusted entity is a bank. 

18. A method of enabling a customer to anonymously purchase an item from a 
vendor via an electronic draft for delivery to an address without divulging the delivery address 
to the vendor, comprising the steps of: 

20 storing, in a bank, an encrypted unique identifier for the customer, the encrypted unique 

identifier being linked to the customer's personal and financial information stored in the bank, 
including the delivery address; 
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authenticating the customer having caused a draft to be executed for payment of at least 
one of a purchase price of the item and a shipping cost by encrypting at least a portion of an 
identification data provided by the customer and successfully matching the encrypted 
identification data with the stored encrypted unique identifier; 

5 retrieving at least the authenticated customer's financial information and delivery 

address; 

honoring a draft presented by the vendor for payment of the item only when the 
customer is successfully authenticated by the bank; 

assigning a package code to the item, the assigned package code being associated with 
10 the retrieved delivery address; 

sending only the package code to the vendor, the vendor affixing the package code to the 
package, and 

sending the package code and the associated delivery address to a shipper for storage in 
a shipper database, whereby the shipper picks up the item from the vendor, and prints out a 
15 shipping label for the package, a delivery address on the label being that customer address 
linked to a package code stored in the shipper database that matches the package code affixed to 
the package, 

19. The method of Claim 18, wherein the identification data includes at least one of 
an ID and a password, the password being known to the bank only in encrypted form, biometric 
20 data and a digital certificate. 
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20. The method of Claim 18, wherein the customer's encrypted unique identifier, 
personal and financial information are stored in a data structure managed by a Directory 
software controlled by the bank. 

21. The method of Claim 18, wherein the package code and the linked customer 
5 address are replicated in the shipper database via Light Weight Directory Access Protocol 

(LDAP) or similar standard format. 

22. The method of Claim 18, wherein at least a portion of the shipper database is 
replicated in a portable electronic device equipped with a package code scanner and a shipping 
label printer. 

10 23. The method of Claim 18, wherein the package code includes at least one of a 

code number and machine-readable indicia expressing the code number. 

24. The method of Claim 18, wherein the authenticating and sending steps are 
performed over a computer network. 

25. The method of Claim 24, wherein the computer network includes the Internet. 

1 5 26. The method of Claim 1 8, wherein the customer is a business. 

27. A method of enabling a customer having purchased goods in digital form from a 
vendor to have the goods delivered to a specified electronic delivery address without divulging 
the electronic delivery address to the vendor, comprising the steps of: 

associating a package code with the specified electronic delivery address and storing the 
20 package code and the electronic delivery address; 

sending the vendor a package code and an associated forwarding electronic address, the 
forwarding electronic address being different from the electronic delivery address, the vendor 
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forwarding the goods and the package code to the forwarding electronic address associated with 
the received package code; 

reading the forwarded package code and retrieving the stored electronic delivery address 
associated therewith, and 

5 delivering the goods to the retrieved electronic delivery address. 

28. The method of claim 27, wherein the associating and storing steps are carried out 
by a bank. 
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